12346445

Systems and methods for intelligent machine learning-based malware detection

Published: July 1, 2025
Assignee: not available in USPTO data we have
Patent Claims
20 claims

Legal claims defining the scope of protection, as filed with the USPTO.

1. A non-transitory computer-readable storage medium having computer-readable code stored thereon for programming at least one processor to perform steps of: receiving a plurality of packets associated with a file, each of the plurality of packets comprising content, and a source domain; extracting one or more features from content of a first packet of the plurality of packets; applying a trained machine learning model to the extracted one or more features to determine a probability of maliciousness associated with the first packet; responsive to determining that the probability maliciousness of the first packet is between a first threshold value and a second threshold value, labeling the first packet as having an uncertain maliciousness; extracting one or more features from content of a second packet of the plurality of packets; and applying the trained machine learning model to the extracted one or more features of the first packet and the second packet to determine a probability of maliciousness associated with the second packet.

2. The non-transitory computer-readable storage medium of claim 1, wherein the steps further comprise: responsive to labeling the first packet as having an uncertain maliciousness, storing the first packet and its one or more features.

3. The non-transitory computer-readable storage medium of claim 1, wherein the steps further comprise: converting the content of the first packet and second packet of the plurality of packets into a digital representation.

4. The non-transitory computer-readable storage medium of claim 3, wherein the digital representation is any of a decimal representation, a binary representation, a hexadecimal representation, a tokenized script, and a tokenized domain.

5. The non-transitory computer-readable storage medium of claim 1, wherein the steps further comprise: labeling the file based on the probability of maliciousness.

6. The non-transitory computer-readable storage medium of claim 1, wherein the file type is one of a portable executable (PE) file, a portable document format (PDF) file, a Dynamic Loaded Library (DLL), a JavaScript (JS) file, a Hypertext Markup Language (HTML) file, and a Microsoft Office File.

7. The non-transitory computer-readable storage medium of claim 1, wherein the trained machine learning model comprises one or more decision trees.

8. The non-transitory computer-readable storage medium of claim 1, wherein the one or more features include n-gram features.

9. The non-transitory computer-readable storage medium of claim 1, wherein the one or more features include an entropy feature.

10. The non-transitory computer-readable storage medium of claim 1, wherein the one or more features include a domain feature.

11. A method comprising steps of: receiving a plurality of packets associated with a file, each of the plurality of packets comprising content, and a source domain; extracting one or more features from content of a first packet of the plurality of packets; applying a trained machine learning model to the extracted one or more features to determine a probability of maliciousness associated with the first packet; responsive to determining that the probability maliciousness of the first packet is between a first threshold value and a second threshold value, labeling the first packet as having an uncertain maliciousness; extracting one or more features from content of a second packet of the plurality of packets; and applying the trained machine learning model to the extracted one or more features of the first packet and the second packet to determine a probability of maliciousness associated with the second packet.

12. The method of claim 11, wherein the steps further comprise: responsive to labeling the first packet as having an uncertain maliciousness, storing the first packet and its one or more features.

13. The method of claim 11, wherein the steps further comprise: converting the content of the first packet and second packet of the plurality of packets into a digital representation.

14. The method of claim 13, wherein the digital representation is any of a decimal representation, a binary representation, a hexadecimal representation, a tokenized script, and a tokenized domain.

15. The method of claim 11, wherein the steps further comprise: labeling the file based on the probability of maliciousness.

16. The method of claim 11, wherein the file type is one of a portable executable (PE) file, a portable document format (PDF) file, a Dynamic Loaded Library (DLL), a JavaScript (JS) file, a Hypertext Markup Language (HTML) file, and a Microsoft Office File.

17. The method of claim 11, wherein the trained machine learning model comprises one or more decision trees.

18. The method of claim 11, wherein the one or more features include n-gram features.

19. The method of claim 11, wherein the one or more features include an entropy feature.

20. The method of claim 11, wherein the one or more features include a domain feature.
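
The packet-by-packet flow recited in claims 1 and 11 (score a packet, label it uncertain when the probability falls between two thresholds, then score the next packet using both packets' features) can be sketched as follows. This is an added illustration, not code from the patent or its inventors; `stub_model`, the threshold values, the three features chosen and the max-merge of features are all assumptions made for the example.

```python
import math
from collections import Counter

LOW, HIGH = 0.3, 0.7  # constructed first and second threshold values

def entropy(data: bytes) -> float:
    """Shannon entropy of the byte distribution, in bits per byte (0..8)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def features(content: bytes, domain: str) -> dict:
    """One entropy, one n-gram and one domain feature (illustrative choices)."""
    return {
        "entropy": entropy(content),
        "mz_bigram": content[:2] == b"MZ",  # byte 2-gram at offset 0
        "domain_digits": sum(ch.isdigit() for ch in domain) / max(1, len(domain)),
    }

def stub_model(f: dict) -> float:
    """Hand-written stand-in for the trained model; returns P(malicious)."""
    p = 0.1
    if f["mz_bigram"]:
        p += 0.3
    if f["entropy"] > 7.0:
        p += 0.4
    if f["domain_digits"] > 0.3:
        p += 0.15
    return min(p, 1.0)

def label(p: float) -> str:
    return "malicious" if p >= HIGH else "benign" if p <= LOW else "uncertain"

def classify_stream(packets, domain):
    """Score a non-empty packet list in order; uncertain features carry forward."""
    carried, results = [], []
    for content in packets:
        cur = features(content, domain)
        # Model input combines stored features with the current packet's.
        merged = {k: max(f[k] for f in carried + [cur]) for k in cur}
        p = stub_model(merged)
        results.append((label(p), p))
        if label(p) == "uncertain":
            carried.append(cur)  # store the uncertain packet's features
    return results, label(max(p for _, p in results))

# Constructed sample: a PE-style header packet, then a uniformly distributed body.
PKT1 = b"MZ" + b"\x00" * 200 + b"This program cannot be run in DOS mode"
PKT2 = bytes(range(256)) * 2
```

On the constructed sample, neither packet crosses the upper threshold when scored alone; only the combined features do, which is the case the uncertain band is meant to handle.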

Patent Metadata

Filing Date: Unknown

Publication Date: July 1, 2025

Inventors: Huihsin Tseng, Hao Xu, Jian L. Zhen

Cite as: Patentable. “Systems and methods for intelligent machine learning-based malware detection” (12346445). https://patentable.app/patents/12346445